与Android 4.4模拟Mifare卡 [英] Emulate Mifare card with Android 4.4

问题描述

我研究的Mifare和其他卡仿真我在编程很好的知识（不是机器人，而是C / C ++）。我有proxmark和我进行了多次模拟codeS为proxmark，所以我知道卡的通信方式。

I have researched Mifare and other card emulation I have very good knowledge in programming (not Android, but C/C++). I have proxmark and I have made multiple emulation codes for proxmark, so I know how the cards communicate.

我不明白，目前，它的Andr​​oid实现完全卡仿真。 我研究这个约3天，现在，得出的结论是，没有一个不变的模式。有人说，这是可能的，有人说是不是。我看了看，通过Android的API和基于主机卡仿真似乎是能够做的伎俩，但据我所知它是在4.4奇巧新的东西，没有任何人有任何的经验吗？

I don't understand currently, does android enable full card emulation. I have researched this for about 3 days now, and the conclusion is there is no one constant pattern. Some people say it is possible, some say it is not. I looked through android API and the Host-based card emulation seems to be able to do the trick, but as I understand it is new thing in 4.4 Kitkat, does anyone have any experience with that?

为了让事情变得简单，目前我正在研究的基础最简单的仿真功能的Mifare超轻。此卡是一种安全的噩梦，没有加密和它只有大约10个函数。所以，我很感兴趣，开始研究有了这张卡，因为这是一个最简单的重现。

To make things simple, currently I'm investigating the basic most simple emulation for Mifare Ultralight. This card is a security nightmare, there is no encryption and only about 10 functions it does. So I'm interested in starting research with this card, because it is the easiest one to reproduce.

因此​​，没有人在卡仿真机器人上的任何信息。也许不是用股票操作系统。如果事情是值得了解的将是非常美联社preciated。

So does anyone have any knowledge in card emulation on android. Maybe not using the stock OS. Any thing that is worth knowing would be very appreciated.

感谢。

推荐答案

使用基于主机卡仿真（HCE）的Andr​​oid 4.4系统，你只能模拟ISO / IEC 14443-4协议。更具体地讲，你只能根据ISO / IEC 7816-4（因此卡仿真应用程序需要进行选择，虽然一个AID）模拟应用程序结构。此外，API不给你，如果要使用A型或B型协议来进行卡模拟任何方式来指定。

With host-based card emulation (HCE) in Android 4.4 you can only emulate the ISO/IEC 14443-4 protocol. More specifically you can only emulate application structures according to ISO/IEC 7816-4 (thus card emulation applications need to be selected though an AID). Moreover, the API doesn't give you any means to specify if card emulation should be done using Type A or Type B protocol.

各MIFARE协议，因此对于仿真​​：

So regarding emulation of various MIFARE protocols:

• 的 MIFARE超轻的（和衍生物）协议工作在ISO / IEC 14443-3的顶部。这是不可能使用这种低层协议使用的是Android HCE模拟卡。
• 的 MIFARE经典的协议的一部分工作在ISO / IEC 14443-3的顶部（有一些不同的帧）。因此，它也不可能采用Android HCE模拟MIFARE经典。

• MIFARE DESFire非的协议在ISO / IEC 14443-4之上运行。还有的DESFire非协议的三个变种：

• MIFARE Ultralight (and derivates) protocol operates on top of ISO/IEC 14443-3. It is not possible to emulate cards using such low layer protocols using Android HCE.
• MIFARE Classic protocol partially operates on top of ISO/IEC 14443-3 (with some different framing). Thus, its also not possible to emulate MIFARE Classic using Android HCE.

• MIFARE DESFire protocols operate on top of ISO/IEC 14443-4. There are three variants of the DESFire protocol:

1. 的本地协议的：根据ISO / IEC该协议不使用的APDU 7816-4其不可能采用Android HCE效仿
2. 的包装机协议的：该协议使用的APDU根据ISO / IEC 7816-4，但是，读者通常会无法启动时，用卡进行通讯的包装使用的DESFire AID发出SELECT命令本机命令模式。 （注：较新的阅读器实现更可能发出SELECT命令，它与Android兼容HCE，因为这还需要一段恩智浦新型智能卡产品的DESFire协议仿真）
3. 的 ISO协议的：该协议是基于ISO / IEC 7816-4和使用应用程序的选择由AID。因此，有可能采用Android HCE来模拟此协议。

1. native protocol: As this protocol does not use APDUs according to ISO/IEC 7816-4 its not possible to emulate it using Android HCE.
2. wrapped native protocol: This protocol uses APDUs according to ISO/IEC 7816-4, however, readers will typically not issue a SELECT command using the DESFire AID when starting to communicate with a card in wrapped native command mode. (Note: Newer reader implementations are more likely to issue a SELECT command that is compatible with Android HCE as this is also required for some of NXP's newer smartcard products with DESFire protocol emulation.)
3. ISO protocol: This protocol is based on ISO/IEC 7816-4 and uses application selection by AID. Thus, it may be possible to emulate this protocol using Android HCE.

一些读者可能需要在较低的协议层的某些参数的值（诸如特定UID级联级，在一定ATQA值，在一定SAK值，或在一定的ATS）。机器人HCE没有任何手段来设置这些值。一个可能的方法见的安卓主机卡仿真编辑功能来修改这些值在某些根深蒂固的设备和的my回答基于主机卡仿真与固定卡ID 的策略在自定义ROM以编程方式改变这些值。

Some readers may require certain parameter values in lower protocol layers (such as a specific UID cascade-level, a certain ATQA value, a certain SAK value, or a certain ATS). Android HCE does not have any means to set these values. See Editing Functionality of Host Card Emulation in Android for a possible approach to modify those values on certain rooted devices and my answer to Host-based Card Emulation with Fixed Card ID for a strategy to programatically change those values in a custom ROM.

在HCE功能的注意事项中的CyanogenMod的从9.1版本到10.2版本的：这将根据ISO / IEC模拟任何ISO / IEC 14443-4的协议，而不为应用程序结构的要求7816。你甚至可以选择，如果你想模仿A型或B型协议。所以，它应该是可能的（虽然我没有测试过）来模拟任意三个的DESFire协议。然而，即使使用的CyanogenMod的HCE特征是不可能模仿MIFARE超轻或经典协议。此外，它也不可能影响低级协议参数，如一个UID，ATQA，SAK，或ATS

A note on the HCE feature available in CyanogenMod from version 9.1 to version 10.2: This will emulate any ISO/IEC 14443-4 based protocol without the requirement for an application structure according to ISO/IEC 7816-4. You can even choose if you want to emulate Type A or Type B protocol. So it should be possible (though I haven't tested) to emulate any of the three DESFire protocols. However, even with the HCE feature of CyanogenMod it is not possible to emulate MIFARE Ultralight or Classic protocols. Moreover, it's also not possible to influence low-level protocol parameters such as a UID, ATQA, SAK, or ATS.

这篇关于与Android 4.4模拟Mifare卡的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！